USB Tokens
The Reader-less Smart Card
Bill Bialick
SPYRUS
© 2001 SPYRUS, Inc.
USB
• The Universal Serial Bus was originally developed in 1995 by a number of leaders in the PC industry including Intel and Microsoft.
• The major goal of USB was to define an external expansion bus which makes adding peripherals to a PC as easy as hooking up a "telephone to a walljack." The program's driving goals were ease of use and low cost.
• Highlights:
  - PC host controller hardware and software
  - Robust connectors and cable assemblies
  - Peripheral friendly master-slave protocols
  - Expansion via multi-port hubs
Market Forecasts
• According to market researcher Dataquest (San Jose, Calif.), the microprocessor and memory based smart card market will grow from 544 million units in 1995 to 3.4 billion units by 2001. (Dataquest, 408-468-8206)
• A market study released in March 1998 by research firm Dataquest Inc., projected that 100 percent of PC shipments in 2001 will be USB-compatible units, and that the installed base of USB-compatible PCs will exceed 500 million by then. That represents nearly 300 percent growth over the 1998 figure of 136 million USB-equipped PCs, according to Dataquest.
• According to Andrew Prophet Research and Consulting (http://www.apresearch.com), last year over 4.5 million PCs were shipped with a PC Card slot. In 1999, just three years from now, there will be more than 29 million platforms shipped with PC Card slots, representing 88% of all portable computing devices. Over 20 million cards will ship this year, and over 33 million cards will be shipped in 1997.
Smart Card
• According to market researcher Dataquest (San Jose, Calif.), the microprocessor and memory based smart card market will grow from 544 million units in 1995 to 3.4 billion units by 2001.
• According to the market-research firm Dataquest (San Jose, Calif.), 90 percent of worldwide integrated-chip-card shipments went to Europe in 1995, while only 2 percent headed to the Americas. By the year 2001, Europe is expected to account for only 40 percent of these shipments, while Asia will command 25 percent and the Americas 20 percent.
• Until 2004, ISO 7816 IC smart cards will remain one of several hardware token types used for secure access within enterprises and on bounded extranets (0.8 probability). (Gartner Group 9/17/99)
USB
• A market study released in March 1998 by research firm Dataquest Inc., projected that 100 percent of PC shipments in 2001 will be USB-compatible units, and that the installed base of USB-compatible PCs will exceed 500 million by then. That represents nearly 300 percent growth over the 1998 figure of 136 million USB-equipped PCs, according to Dataquest.
• In 2002, nearly 400 million PC peripherals supporting the Universal Serial Bus (USB) will represent a market of more than $1 billion, according to market-research company In-Stat. "USB will be the primary connection for human-interface ICs and peripherals," says Scott Hudson, senior analyst for Cahners In-Stat Group's PC Technology Service. "Because you can integrate USB technology into microcontrollers and other ICs, new competition with potential market shift will occur."
USB Pros and Cons
• Pros
  - No IRQ or memory window constraints
  - Supports up to 127 devices
  - Faster
    - USB 1.1 (12 Mbits/s)
    - USB 2.0 (480 Mbits/s)
  - Parallel and Serial devices being removed from newer notebooks
• Cons
  - No Microsoft support for Windows NT
  - Very limited support for Windows 95
  - Connectors are often on the back of the PC
The Need for Speed
Serial port: 115kbits/s (.115Mbits/s)
Standard parallel port: 115kBYTES/s (.115MBYTES/s)
USB 1.1: 12Mbits/s (1.5MBYTES/s)
ECP/EPP parallel port: 3MBYTES/s
IDE: 3.3-16.7MBYTES/s
SCSI-1: 5MBYTES/s
SCSI-2 (Fast SCSI, Fast Narrow SCSI): 10MBYTES/s
Fast Wide SCSI (Wide SCSI): 20MBYTES/s
Ultra SCSI (SCSI-3, Fast-20, Ultra Narrow): 20MBYTES/s
UltraIDE: 33MBYTES/s
Wide Ultra SCSI (Fast Wide 20): 40MBYTES/s
Ultra2 SCSI: 40MBYTES/s
IEEE-1394: 100-400Mbits/s (12.5-50MBYTES/s)
USB 2.0: 480Mbits/s
Wide Ultra2 SCSI: 80MBYTES/s
Ultra3 SCSI: 80MBYTES/s
Wide Ultra3 SCSI: 160MBYTES/s
FC-AL Fiber Channel: 100-400MBYTES/s
USB Crypto Tokens
• New type of USB device
  - Hybrid of smart card and USB device
  - Direct connect
    - USB devices are typically connected via a cable
    - Board mounted USB connectors are not USB certified yet
    - Often requires an A-to-A extension cable
      - Not approved by USB organization
Example Device: Rosetta USB
• FIPS 140-1 Level 3 Design
• Sturdy key-ring hole
• Internal LED for visual status
• USB 1.1 interface
Drive for USB Tokens
• Lower deployment costs
  - No reader required
  - Easier install
• More functionality possible than smart card
• Durability
  - More rugged if unit encapsulated
Rosetta USB Features
• Uses same SPYCOS chip as Rosetta Smart Card
  - High Assurance
    - FIPS 140-1 Certified
  - Algorithm Agile
    - RSA, DSA, DES, 3DES, etc.
  - Standards Support
High Assurance
• FIPS 140-1 Level 2 Certified
• ITSEC E4 High certified processor
• DPA Resistant
  - Prevents exploitation of private keys through timing or power analysis
• NSA tested SPYCOS chip for 6 weeks
Plug and Play?
• Middleware is necessary to provide the glue between an application and the token
  - PKCS#11 Support
    - Netscape Browser and Mail
  - CSP Support
    - IE 5, Outlook 98+
    - Win 2000 Smart Card Logon
[Diagram labels: APPLICATION, PKCS#11, CSP, SPEX/ Library, SWF]
Summary
USB Security Tokens Offer:
• High Assurance
  - FIPS 140-1
  - ITSEC
  - Common Criteria
• Lower Deployment Costs
• More Durable
• Interoperable
Thank You